- Command object is used to perform various operations on database objects tables, views, stored procedures etc;
- We can perform the operations like inserting the records, deleting the records, updating the records etc; and also creating, dropping, altering tables views, stored procedures
- Command object with connection oriented architecture
Properties with command object
2. Command type
3. Connection
4. Command Timeout
5. Parameters
1 Command Text:
- This property is used to mention the required command text value
- Command text can be anyone from sql query (or) stored procedure name (or) table name
2 Command Type:
- Used to set or get the required command text value
- Command type value can be any one from text (or) stored procedure (or) table direct
- All these command type values are stored within the enumeration named as command type like
CommandType.Text (default)
CommandType.StoredProcedure
CommandType.TableDirect
- We will take command type as text if command text is sql query, stored procedure if command text is stored procedure name and table direct if command text required
3 Connection:
- Used to set (or) get the required connection object name using which we would like to execute the command object
4 Command Timeout:
- Used to set (or) get the required time period in seconds that frontend should wait to get response from backend after sending the command object request to backend
- The default command timeout period is 30sec within this time period if frontend doesn’t get any response from the backend then command timeout error will be raised
5 Parameters:
- This is the collection property used to send required parameters & these values that are required to be send to the stored procedures
Steps to work with command object(Non-Parameterized Query )
1. Declare The Command Object
Sy:
Classname Object Name;
Ex:
Sqlcommand Cmd;
2. Define Command Object
Sy:
Object Name=New Classname(“Command Text”, Connection Object)
Ex:Cmd=New
Sqlcommand(“Delete Empdetails Where Empid=14”,Con);
3. Mention Command Type
Sy:
Object Name Command Type=Command Type.Value;
Ex:
Cmd.Commandtype=Commandtype.Text;
4. Open the Connection
Sy:-Connection
Object Name.Open( );
Ex:-Con.Open(
);
5. Execute The Commend Object
Sy:
Object Name.Execution Method( );
Ex:
Cmd.ExecuteNonQuery( );
Execution methods in command object:
ExecuteNonQuery( )
|
ExecuteReader( )
|
ExecuteScalar( )
|
Will work with action queries
only
|
Will work with Non Action queries
only
|
Will work with Non Action queries
that contains aggregate functions
|
Returns the count of Rows
affected by the query
|
Returns the rows selected by the
query
|
Returns the first row & first
column value of the query result
|
Return type is int
|
Return type is Data Reader
|
Return type is object
|
Return value is optional &
can be assigned to integer variable
|
Return value is compulsory &
should be assigned to another object ie Data Reader
|
Return value is compulsory &
should be assigned to the variable of required type
|
Advantages using
Non-Parameterized Query:-
Disadvantages In
Non-Parameterized Query Method:-
[2] possibility of SqlInjection attacks.
To avoid these disadvantages we prefer Parametrized
Queries.
No comments:
Post a Comment